Welcome To The Home Of The Visual FoxPro Experts  
home. signup. forum. archives. search. google. articles. downloads. faq. members. weblogs. file info. rss.
 From: Stefan Wuebbe
  Where is Stefan Wuebbe?
 Hamburg
 Germany
 Stefan Wuebbe
 To: Ammar Hadi
  Where is Ammar Hadi?
 Al-Samawah
 Iraq
 Ammar Hadi
 Tags
Subject: RE: WebDAV Security hole in IIS 6.0
Thread ID: 228327 Message ID: 228400 # Views: 1 # Ratings: 1
Version: Not Applicable Category: Security and Application Protection
Date: Monday, May 18, 2009 6:48:11 PM         
   


> Hi Stefan,
>
> I want to ask a question although am not a (Web Application admin), am just a curious guy :-).
>
> There is IIS 7.0 that run on Vista. Did they fixed that (hole)?
>
> Here is a lengthy article about IIS 7:
>
> http://msdn.microsoft.com/en-us/magazine/cc163453.aspx
>
> Whats your idea about it?
>

Hi Ammar -

I feel honored that you want to hear my idea about it :-)
It's just a for-what-it's-worth idea though, not at all objective:
In former times, the first versions of IIS were completely unsafe, while Apache was much better.
MS used not to care much for security, often known security issues in MS products were not patched
for months. IIS used to be mentioned in the known-security-issues lists every other week.

Since a few years, beginning someday in the late 1990s, MS changed it's policy.
In the meantime, they can compare, Windows Update, i.e. patch managment and testing, works surprisingly well.
Although there are still several legacies, e.g. some 10,000 bots out there, being controlled by organized
criminals, because WinXP, as the 90++% monopoly O/S still allocates admin privileges for default accounts
(Vista UAC does better).

However, IIS does not get accused by the security experts very often anymore.
My personal bottom line is that if I were a full-time Web admin, I would not refuse to take a look at IIS
these days, although Apache might still be my first choice.
The article you mentioned seems to be a mixture of facts and advertisement though, not extremely neutral,
I'd say.


Regards
-Stefan

ENTIRE THREAD

WebDAV Security hole in IIS 6.0 Posted by Stefan Wuebbe @ 5/18/2009 10:44:39 AM
RE: WebDAV Security hole in IIS 6.0 Posted by Ammar Hadi @ 5/18/2009 4:50:49 PM
RE: WebDAV Security hole in IIS 6.0 Posted by Stefan Wuebbe @ 5/18/2009 6:48:11 PM
RE: WebDAV Security hole in IIS 6.0 Posted by Ammar Hadi @ 5/18/2009 6:59:38 PM
RE: WebDAV Security hole in IIS 6.0 Posted by Stefan Wuebbe @ 5/19/2009 5:04:32 PM
RE: WebDAV Security hole in IIS 6.0 Posted by Ammar Hadi @ 5/20/2009 11:04:03 AM